3.21.3 Discussion

One of the benefits of Active Directory over its predecessor, Windows
NT, is that it relies on DNS for name resolution. Active Directory
uses DNS to locate servers that serve a particular function, such as
a domain controller for a domain, a global catalog server, the PDC
Emulator, or a KDC. It also uses the site topology information stored in
Active Directory to populate site-specific records for domain
controllers.

The DC locator process relies on this information in DNS to direct
clients to the optimal server when logging in. Reliance on DNS
makes it easy to troubleshoot problems related to clients finding
domain controllers. If you know the site a client is in, you can make
a few DNS queries to determine which domain controller it should be
authenticating with.
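
The queries described above can be scripted. The following is an added example, not code from this recipe: the function name Get-DcLocatorRecord, the domain corp.example.com, and the assumption that the forest root has the same DNS name as the domain are illustrative. It uses the Resolve-DnsName cmdlet from the DnsClient module to query the SRV records that domain controllers register, both domain-wide and for the client's site.

```powershell
function Get-DcLocatorRecord {
    param(
        [Parameter(Mandatory)] [string] $Domain,  # DNS name of the domain
        [string] $Site,                           # AD site the client is in (optional)
        [string] $Forest = $Domain                # forest root DNS name; assumed equal to $Domain
    )

    # SRV owner names that domain controllers register for each function.
    $names = [ordered]@{
        'DC, domain-wide'  = "_ldap._tcp.dc._msdcs.$Domain"
        'KDC, domain-wide' = "_kerberos._tcp.dc._msdcs.$Domain"
        'PDC Emulator'     = "_ldap._tcp.pdc._msdcs.$Domain"
        'GC, forest-wide'  = "_ldap._tcp.gc._msdcs.$Forest"
    }
    if ($Site) {
        # Site-specific records: the servers a client in $Site should be using.
        $names['DC, site']  = "_ldap._tcp.${Site}._sites.dc._msdcs.$Domain"
        $names['KDC, site'] = "_kerberos._tcp.${Site}._sites.dc._msdcs.$Domain"
        $names['GC, site']  = "_ldap._tcp.${Site}._sites.gc._msdcs.$Forest"
    }

    foreach ($role in $names.Keys) {
        # Lowest priority value is preferred; weight breaks ties within a priority.
        $srv = @(Resolve-DnsName -Name $names[$role] -Type SRV -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'SRV' } |
            Sort-Object Priority, @{ Expression = 'Weight'; Descending = $true })

        if ($srv.Count -eq 0) {
            # No answer: no domain controller has registered this record.
            [pscustomobject]@{ Role = $role; Query = $names[$role]; Target = $null
                               Port = $null; Priority = $null; Weight = $null }
            continue
        }
        foreach ($r in $srv) {
            [pscustomobject]@{ Role = $role; Query = $names[$role]; Target = $r.NameTarget
                               Port = $r.Port; Priority = $r.Priority; Weight = $r.Weight }
        }
    }
}

# Placeholder names; substitute your own domain and site.
Get-DcLocatorRecord -Domain 'corp.example.com' -Site 'Default-First-Site-Name' |
    Format-Table -AutoSize
```

Comparing the site rows with the domain-wide rows shows which domain controllers cover the client's site and which are only reachable through the generic records.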

The resource records a domain controller registers in DNS can be
restricted, so querying DNS may return only a subset of the actual
domain controllers. See Recipe 13.14 and Recipe 13.15 for more
information.